[src/trunk]: src/sys/net Drop unicast packets that are not for us

[yamaguchi <yamaguchi%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/99d8187067bb
branches:  trunk
changeset: 984387:99d8187067bb
user:      yamaguchi <yamaguchi%NetBSD.org@localhost>
date:      Tue Jul 06 02:39:46 2021 +0000

description:
Drop unicast packets that are not for us
when vlan(4) is not in promisc

diffstat:

 sys/net/if_vlan.c |  22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diffs (43 lines):

diff -r ecc30eb838f5 -r 99d8187067bb sys/net/if_vlan.c
--- a/sys/net/if_vlan.c Tue Jul 06 02:34:12 2021 +0000
+++ b/sys/net/if_vlan.c Tue Jul 06 02:39:46 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_vlan.c,v 1.156 2021/07/06 02:34:12 yamaguchi Exp $  */
+/*     $NetBSD: if_vlan.c,v 1.157 2021/07/06 02:39:46 yamaguchi Exp $  */
 
 /*
  * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc.
@@ -78,7 +78,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.156 2021/07/06 02:34:12 yamaguchi Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.157 2021/07/06 02:39:46 yamaguchi Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1661,6 +1661,24 @@
                m_adj(m, mib->ifvm_encaplen);
        }
 
+       /*
+        * Drop promiscuously received packets if we are not in
+        * promiscuous mode
+        */
+       if ((m->m_flags & (M_BCAST | M_MCAST)) == 0 &&
+           (ifp->if_flags & IFF_PROMISC) &&
+           (ifv->ifv_if.if_flags & IFF_PROMISC) == 0) {
+               struct ether_header *eh;
+
+               eh = mtod(m, struct ether_header *);
+               if (memcmp(CLLADDR(ifv->ifv_if.if_sadl),
+                   eh->ether_dhost, ETHER_ADDR_LEN) != 0) {
+                       m_freem(m);
+                       if_statinc(&ifv->ifv_if, if_ierrors);
+                       goto out;
+               }
+       }
+
        m_set_rcvif(m, &ifv->ifv_if);
 
        if (pfil_run_hooks(ifp->if_pfil, &m, ifp, PFIL_IN) != 0)